Sarah Scheffler

About me

I am a grad student in the BUSec group working with Sharon Goldberg and Leo Reyzin. My interests include applied cryptography and multi-party computation. Before I went to Boston University, I majored in computer science and mathematics at Harvey Mudd College. When not working on crypto research, I can usually be found playing Dungeons & Dragons.

I also made the BU CS department poster template for Beamer. Feel free to email me, make an issue, or make a pull request with complaints or suggestions.

Current Research

Building a Failure-Resistant, Plugin-based Password-Based Key Derivation Function

Older password-based key derivation functions like PBKDF2 rely on repeated iteration of a single hash function to force the attacker to spend more resources. But thanks to Bitcoin, the cost of specialized hardware to do small, repeated functions, has gone down dramatically. Newer PBKDFs like scrypt add memory as a resource that attackers must spend in order to compute efficiently. We extend this resource consumption model to a PBKDF that consumes many resources, like CPU, storage, cache, or chip access in order to correctly derive the key from the password.

For more information, see our poster. Paper is forthcoming.

Measuring DNS Queries caused by Email and Spam Prevention

Our goal is to determine the relationship between mail servers and the Domain Name System resolvers that make DNS queries on their behalf. Of particular interest are the DNS queries caused by spam prevention mechanisms such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain Message Authentication Reporting & Conformance (DMARC).

For more information, see our website or poster.

Older Projects

Proactively-secure Accumulo with Cryptographic Enforcement

At the MIT Lincoln Laboratory, as assistant research staff, I worked in the Secure and Resilient Systems and Technology group within the Cybersecurity and Information Sciences division to assist in the implementation, testing, and release of a library that adds confidentiality and integrity guarantees to the Accumulo database, protecting it against a malicious server or sysadmin. Earlier in the project, I also implemented Oblivious RAM (Path ORAM) for Accumulo.

Quantifying Latent Fingerprint Quality

As a capstone project at Harvey Mudd College, I worked with a team of four students for the MITRE Corporation on a project to design, implement, and test a system that uses image processing and machine learning techniques to evaluate the suitability of crime scene fingerprint images for identification by Automated Fingerprint Identification Systems.

Statistical Testing of Cryptographic Entropy Sources

As a summer undergraduate research fellow at the National Institute of Standards and Technology (NIST), I worked with Dr. Allen Roginsky in the Computer Security Division to improve NIST's statistical tests for entropy sources for use in cryptographic random number generators. I also made adjustments to the process for generating large primes used in cryptography.